Security Report Summary
D
Site: | https://www.qatarairways.com/en-us/Privilege-Club/loginpage.html |
---|---|
IP Address: | 23.72.34.166 |
Report Time: | 26 Aug 2025 19:41:53 UTC |
Missing Headers
Content-Security-Policy | Content Security Policy is an effective measure to protect your site from XSS attacks. By whitelisting sources of approved content, you can prevent the browser from loading malicious assets. |
---|---|
Referrer-Policy | Referrer Policy is a new header that allows a site to control how much information the browser includes with navigations away from a document and should be set by all sites. |
Permissions-Policy | Permissions Policy is a new header that allows a site to control which features and APIs can be used in the browser. |
Warnings
Strict-Transport-Security | The "max-age" directive is too small. The minimum recommended value is 2592000 (30 days). |
---|---|
Raw Headers
HTTP/2 | 200 |
---|---|
server | Apache |
x-content-type-options | nosniff |
x-xss-protection | 1 |
accept-ranges | bytes |
vary | Accept-Encoding |
access-control-allow-headers | Accept,traceparent,Request-Id,Content-Type,User-Agent |
content-type | text/html; charset=UTF-8 |
x-akamai-transformed | 9 46148 0 pmb=mTOE,2mRUM,2 |
content-encoding | gzip |
date | Tue, 26 Aug 2025 19:41:53 GMT |
set-cookie | AKA_A2=A; expires=Tue, 26-Aug-2025 20:41:53 GMT; path=/; domain=qatarairways.com; secure; HttpOnly |
server-timing | cdn-cache; desc=MISS |
server-timing | edge; dur=63 |
server-timing | origin; dur=333 |
x-frame-options | SAMEORIGIN |
strict-transport-security | max-age=86400 |
set-cookie | bm_ss=ab8e18ef4e; Secure; SameSite=None; Domain=.qatarairways.com; Path=/; HttpOnly; Max-Age=3600 |
server-timing | ak_p; desc="1756237313187_390604198_135481473_39669_20083_9_13_15";dur=1 |
Upcoming Headers
Cross-Origin-Embedder-Policy | Cross-Origin Embedder Policy allows a site to prevent assets being loaded that do not grant permission to load them via CORS or CORP. |
---|---|
Cross-Origin-Opener-Policy | Cross-Origin Opener Policy allows a site to opt-in to Cross-Origin Isolation in the browser. |
Cross-Origin-Resource-Policy | Cross-Origin Resource Policy allows a resource owner to specify who can load the resource. |
Additional Information
server | This Server header seems to advertise the software being run on the server but you can remove or change this value. |
---|---|
x-content-type-options | X-Content-Type-Options stops a browser from trying to MIME-sniff the content type and forces it to stick with the declared content-type. The only valid value for this header is "X-Content-Type-Options: nosniff". |
x-xss-protection | X-XSS-Protection sets the configuration for the XSS Auditor built into older browsers. The recommended value was "X-XSS-Protection: 1; mode=block" but you should now look at Content Security Policy instead. |
x-frame-options | X-Frame-Options tells the browser whether you want to allow your site to be framed or not. By preventing a browser from framing your site you can defend against attacks like clickjacking. |
strict-transport-security | HTTP Strict Transport Security is an excellent feature to support on your site and strengthens your implementation of TLS by getting the User Agent to enforce the use of HTTPS. |